mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-09 18:54:31 +00:00
refactor(gateway): share device signature reject path
This commit is contained in:
Peter Steinberger
@@ -561,6 +561,21 @@ export function attachGatewayWsMessageHandler(params: {
|
|||||||
nonce: providedNonce || undefined,
|
nonce: providedNonce || undefined,
|
||||||
version: providedNonce ? "v2" : "v1",
|
version: providedNonce ? "v2" : "v1",
|
||||||
});
|
});
|
||||||
|
const rejectDeviceSignatureInvalid = () => {
|
||||||
|
setHandshakeState("failed");
|
||||||
|
setCloseCause("device-auth-invalid", {
|
||||||
|
reason: "device-signature",
|
||||||
|
client: connectParams.client.id,
|
||||||
|
deviceId: device.id,
|
||||||
|
});
|
||||||
|
send({
|
||||||
|
type: "res",
|
||||||
|
id: frame.id,
|
||||||
|
ok: false,
|
||||||
|
error: errorShape(ErrorCodes.INVALID_REQUEST, "device signature invalid"),
|
||||||
|
});
|
||||||
|
close(1008, "device signature invalid");
|
||||||
|
};
|
||||||
const signatureOk = verifyDeviceSignature(device.publicKey, payload, device.signature);
|
const signatureOk = verifyDeviceSignature(device.publicKey, payload, device.signature);
|
||||||
const allowLegacy = !nonceRequired && !providedNonce;
|
const allowLegacy = !nonceRequired && !providedNonce;
|
||||||
if (!signatureOk && allowLegacy) {
|
if (!signatureOk && allowLegacy) {
|
||||||
@@ -577,35 +592,11 @@ export function attachGatewayWsMessageHandler(params: {
|
|||||||
if (verifyDeviceSignature(device.publicKey, legacyPayload, device.signature)) {
|
if (verifyDeviceSignature(device.publicKey, legacyPayload, device.signature)) {
|
||||||
// accepted legacy loopback signature
|
// accepted legacy loopback signature
|
||||||
} else {
|
} else {
|
||||||
setHandshakeState("failed");
|
rejectDeviceSignatureInvalid();
|
||||||
setCloseCause("device-auth-invalid", {
|
|
||||||
reason: "device-signature",
|
|
||||||
client: connectParams.client.id,
|
|
||||||
deviceId: device.id,
|
|
||||||
});
|
|
||||||
send({
|
|
||||||
type: "res",
|
|
||||||
id: frame.id,
|
|
||||||
ok: false,
|
|
||||||
error: errorShape(ErrorCodes.INVALID_REQUEST, "device signature invalid"),
|
|
||||||
});
|
|
||||||
close(1008, "device signature invalid");
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
} else if (!signatureOk) {
|
} else if (!signatureOk) {
|
||||||
setHandshakeState("failed");
|
rejectDeviceSignatureInvalid();
|
||||||
setCloseCause("device-auth-invalid", {
|
|
||||||
reason: "device-signature",
|
|
||||||
client: connectParams.client.id,
|
|
||||||
deviceId: device.id,
|
|
||||||
});
|
|
||||||
send({
|
|
||||||
type: "res",
|
|
||||||
id: frame.id,
|
|
||||||
ok: false,
|
|
||||||
error: errorShape(ErrorCodes.INVALID_REQUEST, "device signature invalid"),
|
|
||||||
});
|
|
||||||
close(1008, "device signature invalid");
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
devicePublicKey = normalizeDevicePublicKeyBase64Url(device.publicKey);
|
devicePublicKey = normalizeDevicePublicKeyBase64Url(device.publicKey);
|
||||||
|
|||||||
Reference in New Issue
Block a user